Compare commits
5 commits
e462d571b6
...
681234910a
Author | SHA1 | Date | |
---|---|---|---|
Daniele Tricoli | 681234910a | ||
Daniele Tricoli | d4da774437 | ||
Daniele Tricoli | 29f8bb17f7 | ||
Daniele Tricoli | acaa379bea | ||
Daniele Tricoli | 419fbd04a4 |
|
@ -15,3 +15,5 @@ mailserver_vmail_user: vmail
|
|||
|
||||
mailserver_tls_cert_file: "/var/lib/dehydrated/certs/{{ mailserver_mailname }}/fullchain.pem"
|
||||
mailserver_tls_key_file: "/var/lib/dehydrated/certs/{{ mailserver_mailname }}/privkey.pem"
|
||||
|
||||
mailserver_dkim_selector: 2022
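Review bot: `mailserver_dkim_selector: 2022` is loaded as an integer, although the selector is only ever used as text (a key file name and the OpenDKIM `Selector` value elsewhere in this change). Writing it as `mailserver_dkim_selector: "2022"` keeps the type stable if a later selector has a leading zero or otherwise looks numeric. A one-line comment such as `# DKIM selector: names /etc/dkimkeys/<selector>.private and the matching DNS TXT record` would help whoever rotates the key.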
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Managed by Ansible.
|
||||
|
||||
autolearn = true;
|
||||
backend = "redis";
|
||||
expire = 8640000;
|
||||
new_schema = true;
|
||||
|
|
|
@ -1,13 +1,20 @@
|
|||
---
|
||||
- block:
|
||||
|
||||
- name: systemctl restart dovecot
|
||||
systemd:
|
||||
name: dovecot.service
|
||||
state: restarted
|
||||
become: true
|
||||
- name: systemctl restart dovecot
|
||||
systemd:
|
||||
name: dovecot.service
|
||||
state: restarted
|
||||
|
||||
- name: systemctl restart postfix
|
||||
systemd:
|
||||
name: postfix.service
|
||||
state: restarted
|
||||
become: true
|
||||
- name: systemctl restart postfix
|
||||
systemd:
|
||||
name: postfix.service
|
||||
state: restarted
|
||||
|
||||
- name: systemctl restart opendkim
|
||||
systemd:
|
||||
name: opendkim.service
|
||||
state: restarted
|
||||
|
||||
become: "{{ mailserver_become }}"
|
||||
become_user: "{{ mailserver_become_user }}"
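Review bot: Wrapping the handlers in `- block:` to share `become` and `become_user` may not survive an Ansible upgrade. As far as I recall, newer ansible-core releases reject a block used as a handler, so confirm this against the version the role targets. The portable form sets `become: "{{ mailserver_become }}"` and `become_user: "{{ mailserver_become_user }}"` on each of the three handlers. The handlers previously had a hard-coded `become: true`, so the defaults for both variables (not visible here) must still resolve to a user allowed to restart services, otherwise the restarts fail.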
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
- block:
|
||||
|
||||
- import_tasks: vmail.yml
|
||||
- import_tasks: opendkim.yml
|
||||
- import_tasks: postfix.yml
|
||||
- import_tasks: dovecot.yml
|
||||
- import_tasks: rspamd.yml
|
||||
|
|
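--- a/roles/mailserver/tasks/opendkim.yml
+++ b/roles/mailserver/tasks/opendkim.yml
@@ -0,0 +1,39 @@
+---
+
+- name: install opendkim
+ansible.builtin.apt:
+name:
+- opendkim
+- opendkim-tools
+state: present
+update_cache: true
+cache_valid_time: 3600
+
+- name: check if the DKIM cert for specified selector exists
+stat:
+path: "/etc/dkimkeys/{{ mailserver_dkim_selector }}.private"
+register: dkim_cert
+
+- name: generate key pair for domain and selector
+shell: |
+sudo -u opendkim opendkim-genkey -D /etc/dkimkeys -d {{ mailserver_mailname }} -s {{ mailserver_dkim_selector }}
+when: not dkim_cert.stat.exists
+
+- name: configure DKIM
+ansible.builtin.lineinfile:
+path: /etc/opendkim.conf
+regexp: "{{ item.regexp }}"
+line: "{{ item.line }}"
+state: present
+with_items:
+- regexp: "^#?Domain"
+line: "Domain {{ mailserver_mailname }}"
+- regexp: "^#?Selector"
+line: "Selector {{ mailserver_dkim_selector }}"
+- regexp: "^#?KeyFile"
+line: "KeyFile /etc/dkimkeys/{{ mailserver_dkim_selector }}.private"
+- regexp: '^#?Socket(\s+)local:/run/opendkim/opendkim.sock'
+line: "#Socket local:/run/opendkim/opendkim.sock"
+- regexp: '^#?Socket(\s+)inet:8891@localhost'
+line: "Socket inet:8891@localhost"
+notify: systemctl restart opendkim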
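Review bot: The `generate key pair for domain and selector` task interpolates `{{ mailserver_mailname }}` and `{{ mailserver_dkim_selector }}` unquoted into a `shell:` line and calls `sudo` itself. A value containing whitespace or shell metacharacters therefore changes the command, and the task depends on sudo being installed rather than on Ansible's own privilege handling. Passing the arguments through `ansible.builtin.command` with `argv`, `become_user: opendkim` and `creates:` removes the shell, and `creates:` makes the separate `stat` task unnecessary. Becoming an unprivileged user may need the `acl` package or pipelining on the target, so test that before merging. Nothing in this file checks the owner and mode of the generated `.private` key, so an `ansible.builtin.file` task asserting them would be a useful addition.

```yaml
- name: generate key pair for domain and selector
  ansible.builtin.command:
    argv:
      - opendkim-genkey
      - -D
      - /etc/dkimkeys
      - -d
      - "{{ mailserver_mailname }}"
      - -s
      - "{{ mailserver_dkim_selector }}"
    creates: "/etc/dkimkeys/{{ mailserver_dkim_selector }}.private"
  become: true
  become_user: opendkim

# … unchanged: configure DKIM task …
```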
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
|
||||
- name: install sqlite3
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: sqlite3
|
||||
update_cache: true
|
||||
cache_valid_time: 3600
|
||||
|
||||
- name: import schema
|
||||
shell: |
|
||||
ansible.builtin.shell: |
|
||||
sqlite3 /etc/dovecot/authdb.sqlite << EOF
|
||||
CREATE TABLE IF NOT EXISTS alias (
|
||||
address VARCHAR(255) NOT NULL PRIMARY KEY,
|
||||
|
@ -42,7 +42,7 @@
|
|||
EOF
|
||||
|
||||
- name: ensure /etc/dovecot/authdb.sqlite is owned by dovecot and postfix
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ mailserver_auth_database }}"
|
||||
owner: dovecot
|
||||
group: postfix
|
||||
|
|
|
@ -99,3 +99,7 @@ local_recipient_maps = $virtual_mailbox_maps
|
|||
|
||||
virtual_transport = dovecot
|
||||
dovecot_destination_recipient_limit = 1
|
||||
|
||||
# OpenDKIM
|
||||
smtpd_milters = inet:localhost:8891
|
||||
non_smtpd_milters = $smtpd_milters
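Review bot: The new `smtpd_milters = inet:localhost:8891` line comes without a `milter_default_action`, so Postfix uses its built-in default (tempfail) whenever OpenDKIM is unreachable, and mail is deferred until the milter is back. If that is the intended failure mode, a comment such as `# mail is deferred while opendkim is down (milter_default_action default)` would document it. Otherwise add `milter_default_action = accept` next to these lines, accepting that mail then leaves unsigned during an outage. The rest of the file is outside the hunk, so the setting may already exist elsewhere.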
|
||||
|
|